Entware offering updated openssl 1.1.1j-2 -> 1.1.1k-1

Wallace_n_Gromit

Senior Member
I noticed Entware update available from amtm:

8 open nsrum v30.4.0

ep manage Entware packages -> upd avail
- libopenssl 1.1.1j-2 -> 1.1.1k-1


awm Asuswrt-Merlin firmware 386.2.0

This begged a question in my mind.

Might I infer that if you have not updated your Merlin version to 386.2 which has updated to openssl 1.1.1k, for what ever reason, (i.e. some configuration issue that may have forced you back to a earlier Merlin version) that the updated entware package being offered will provide the same openssl 1.1.1k version/security protection on any earlier Merlin firmware version?
 

Wallace_n_Gromit

Senior Member
No. The updated openssl libraries would only be used by Entware packages, not the rest of the firmware.
I was guessing that to be the case since even with a router updated to Merlin 386.2 the entware update to 1.1.1k was still being offered, but had to confirm. Thanx
 

Makaveli

Very Senior Member
Just wanted to confirm here.

So if we are on 386.2 do we update this or no?

open ssl.PNG
 

ColinTaylor

Part of the Furniture
Whether you choose to update or not isn't dependant on what firmware version you are using. It's the same decision you make when any Entware package is updated. To see what packages use it you can issue this command:
Code:
# opkg whatdepends libopenssl
Root set:
  libopenssl
What depends on root set
        openssh-sftp-server 8.4p1-4     depends on libopenssl
        bind-libs 9.17.10-1     depends on libopenssl
        bind-dig 9.17.10-1      depends on bind-libs
I can't think of a reason not to update it.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top